lukernel.exe

LUKernel

Avanquest Software

This is a setup program used to install the application. The file has been seen being downloaded from a.fw-a.co and multiple other hosts.
Publisher:
Avanquest Software

Product:
LUKernel

Description:
LiveUpdate Kernel

Version:
1.33

MD5:
b4eaa52be141199586a0817e85939fc4

SHA-1:
e6a8cc69a1e3dfb61e8b217f2a7ebecfd7193cf3

SHA-256:
cd4a15cc2c28361c0909858b28eb23fcff009f08131e1737f7965aac58448e85

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/26/2024 3:37:32 AM UTC  (today)

Scan engine:
Vba32 AntiVirus

Detection:
suspected of Trojan.Downloader.gen.h

Engine version:
3.12.26.0

File size:
2.6 MB (2,760,775 bytes)

Product version:
1.33

Copyright:
Copyright © Avanquest Software 2013

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\lukernel.exe

File PE Metadata
Compilation timestamp:
2/27/2013 4:13:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:1YLRWcTYQNINb9gVAl1pf2nQa/UYOVkdF4ttSpaLY4BGQJOAetcttRHs:eWcYBPl1pungk2FZJEtct7M

Entry address:
0x4E2F7

Entry point:
E8, 62, A5, 00, 00, E9, 79, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 20, 11, 4B, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 20, 11, 4B, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, C0...
 

Code size:
543.5 KB (556,544 bytes)

The file lukernel.exe has been seen being distributed by the following 2 URLs.

Scan lukernel.exe - Powered by Reason Core Security